LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 07-26-2007, 02:08 PM   #1
rpfrimmer
LQ Newbie
 
Registered: Jul 2007
Posts: 2

Rep: Reputation: 0
How to prevent directory browsing in ftp, but still download from folder


Hello everyone,

I'm currently trying to setup an ftp site using VSFTP and have a couple requirements for anonymous access to different folders on the site.

I have created the following folders:
- Pub - setup that you can browse the contents and is read only.

- Incoming - setup that you can browse the contents and upload files, but cannot download them.

- Test - I need to be able to configure this folder so that directory browsing is turned off, however you can still download files if you have the direct link to the file.

I have tried modifying the permissions on the folder every way that I can think of, but have not found a way to do this.

Any and all suggestions would be appreciated.
 
Old 07-27-2007, 10:49 PM   #2
{BBI}Nexus{BBI}
Senior Member
 
Registered: Jan 2005
Location: Nottingham, UK
Distribution: Mageia 3 / CrunchBang Linux 10 Statler / Easy Peasy
Posts: 4,293

Rep: Reputation: 205Reputation: 205Reputation: 205
You need the chroot option. Take a look at the vsftp.conf file, instructions should be in there.
 
Old 07-28-2007, 06:49 AM   #3
rpfrimmer
LQ Newbie
 
Registered: Jul 2007
Posts: 2

Original Poster
Rep: Reputation: 0
Sorry I forgot to mention this is for the anonymous user. They will need to be able to access the pub, incoming, and other folders including the folder that I want to prevent browsing in.

If I use chroot they won't be able to access the pub or incoming folders. Or am I thinking about this wrong?
 
Old 07-29-2007, 02:07 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,539
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
- Incoming - setup that you can browse the contents and upload files, but cannot download them.
This is not a Best Practice, especially in the context of allowing unrestricted access + anonymous users. The purpose of an incoming directory should be to allow uploading files (the FTP user having write access on the directory), no downloading (chmod and chown files to an unprivileged user and move them to a separate holding area) and it certainly not have readable contents (the FTP user NOT having read access on the directory).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
FTP Server: Prevent user from getting out of their root directory Swakoo Linux - General 4 03-02-2007 01:42 AM
Changing File Permission in a FTP directory to prevent deleting of files shawnbishop Linux - Software 3 01-10-2006 05:41 AM
FTP users prevent browsing to other directories mephesto Linux - Software 2 05-07-2005 10:03 AM
using ftp to download whole folder -- script or command ? hq4ever Linux - Networking 7 10-22-2004 11:41 AM
download entire directory via ftp peok Linux - General 5 12-27-2003 06:37 AM


All times are GMT -5. The time now is 03:28 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration